Heap-based Out-of-Bounds Write in OpenSSL Products by OpenSSL
CVE-2025-68160

Currently unrated

Key Information:

Vendor

OpenSSL

Status
Vendor
CVE Published:
27 January 2026

What is CVE-2025-68160?

A vulnerability has been identified in OpenSSL where writing large, newline-free data into a BIO chain can lead to a heap-based out-of-bounds write. This memory corruption can cause an application to crash, resulting in a Denial of Service. The issue typically affects third-party applications that use the line-buffering BIO filter under specific circumstances; use of that filter is not standard practice within TLS/SSL data paths. The potential for exploitation is considered low, and the contexts in which attackers could leverage this vulnerability are limited.


Affected Version(s)

OpenSSL 3.6.0 < 3.6.1

OpenSSL 3.5.0 < 3.5.5

OpenSSL 3.4.0 < 3.4.4

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Petr Šimeček (Aisle Research)
Stanislav Fort (Aisle Research)
Neil Horman